// it under the terms of the GNU General Public License as published // by the Free Software Foundation, either version 3 of the License, // or (at your option) any later version. // // XOS-Shop is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>. //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_ATTRIBUTES_QTY_LIST) == 'overwrite_all')) { require DIR_FS_SMARTY . 'admin/languages/' . $_SESSION['language'] . '/' . FILENAME_CATEGORIES; if (xos_has_product_attributes((int) $_GET['products_id']) && STOCK_CHECK == 'true') { $product_query = xos_db_query("select attributes_quantity, attributes_not_updated from " . TABLE_PRODUCTS . " where products_status = '1' and products_id = '" . (int) $_GET['products_id'] . "'"); $product = xos_db_fetch_array($product_query); $attributes_quantity = xos_get_attributes_quantity($product['attributes_quantity']); if (xos_not_null($attributes_quantity) && !xos_not_null($product['attributes_not_updated'])) { $opt_query = xos_db_query("select pa.options_id, po.products_options_name from " . TABLE_PRODUCTS_ATTRIBUTES . " pa, " . TABLE_PRODUCTS_OPTIONS . " po where pa.products_id = '" . (int) $_GET['products_id'] . "' and pa.options_id = po.products_options_id and po.language_id = '" . (int) $_SESSION['used_lng_id'] . 
"' order by pa.options_sort_order asc, pa.options_id asc"); $opt_array = array(); $opt_values_array = array(); $opt_result_array = array(); $opt_rows_array = array(); $opt_out_array = array(); $i = 0; $ii = 1; $option_id = ''; while ($opt = xos_db_fetch_array($opt_query)) { if ($option_id == $opt['options_id']) {
if ($pop_size[1] > $pop_height) { $pop_height = $pop_size[1]; } } if ($small_width_total > $pop_width) { $pop_width = $small_width_total; } $products_images_array = array(); $i = 0; foreach ($products_image_name as $products_img_name) { $products_images_array[] = array('link_product_img' => xos_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id'] . '&img_name=' . rawurlencode($products_img_name['name'])), 'link_product_img_noscript' => xos_href_link(FILENAME_IMAGES_WINDOW, 'pID=' . $product_info['products_id'], 'NONSSL', true, false, false, false, false), 'href_to_product_img_large' => xos_href_link(DIR_WS_IMAGES . 'products/large/' . rawurlencode($products_img_name['name']), '', 'NONSSL', false, false, false, false, false), 'src_product_img_medium' => xos_href_link(DIR_WS_IMAGES . 'products/medium/' . rawurlencode($products_img_name['name']), '', 'NONSSL', false, false, false, false, false), 'product_img_medium' => xos_image(DIR_WS_IMAGES . 'products/medium/' . rawurlencode($products_img_name['name']), addslashes($product_info['products_name']), '0', '0'), 'i' => $i); $i++; } $smarty->assign(array('box_width' => (int) ($pop_width + 50), 'box_height' => (int) ($pop_height + $small_height + 55), 'products_images' => $products_images_array)); } if (xos_has_product_attributes((int) $_GET['p'])) { xos_not_null($product_info['attributes_combinations']) ? 
$combinations_string = $product_info['attributes_combinations'] : ($combinations_string = ''); $attributes_quantity = xos_get_attributes_quantity($product_info['attributes_quantity']); if (xos_not_null($attributes_quantity) && $combinations_string != '' && STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') { $combination_elements = explode('|', $combinations_string); for ($i = 0, $n = sizeof($combination_elements); $i < $n; $i++) { if ($attributes_quantity[$combination_elements[$i]] < 1) { unset($combination_elements[$i]); } } ksort($combination_elements); $combinations_string = implode('|', $combination_elements); $combinations_string .= '|'; } $combi_str = ''; $comb_str = '';
$in_special_status = false; $out_special_status = true; } $special_expires_date_query = xos_db_query("select date_format(expires_date, '" . DATE_FORMAT_SHORT . "') as expires_date from " . TABLE_SPECIALS . " where products_id = '" . (int) $product['products_id'] . "' and customers_group_id = '" . (int) $customers_group['customers_group_id'] . "'"); $special_expires_date = xos_db_fetch_array($special_expires_date_query); $customers_groups_array[] = array('name' => $customers_group['customers_group_name'], 'id' => $customers_group['customers_group_id'], 'toggle_name' => 'toggle_' . $customers_group['customers_group_id'], 'display' => $sizeof > 2 ? '' : 'display: none', $customers_group['customers_group_id'] == 0 ? '' : 'input_checkbox' => xos_draw_checkbox_field('option[' . $customers_group['customers_group_id'] . ']', 'option[' . $customers_group['customers_group_id'] . ']', $products_prices[$customers_group['customers_group_id']][0] ? true : false, '', 'onclick="updateChecked(\'' . $customers_group['customers_group_id'] . '\')"'), 'input_price' => xos_draw_input_field('products_price_' . $customers_group['customers_group_id'], $products_prices[$customers_group['customers_group_id']][0]['regular'], 'style="background: #fffffe;" size ="11" onkeyup="updateGross(\'products_price_' . $customers_group['customers_group_id'] . '\', \'products_price_gross_' . $customers_group['customers_group_id'] . '\')"'), 'input_price_gross' => xos_draw_input_field('products_price_gross_' . $customers_group['customers_group_id'], $products_prices[$customers_group['customers_group_id']][0]['regular'], 'style="background: #fffffe;" size ="11" onkeyup="updateNet(\'products_price_gross_' . $customers_group['customers_group_id'] . '\', \'products_price_' . $customers_group['customers_group_id'] . '\')"'), 'input_special_price' => xos_draw_input_field('products_special_price_' . 
$customers_group['customers_group_id'], $products_prices[$customers_group['customers_group_id']][0]['special'], 'style="background: ' . (in_array($customers_group['customers_group_id'], $error_groups) && !$products_prices[$customers_group['customers_group_id']][0]['special'] > 0 ? '#000000' : '#ffe1e1') . '; color : red;" size ="11" onkeyup="updateGross(\'products_special_price_' . $customers_group['customers_group_id'] . '\', \'products_special_price_gross_' . $customers_group['customers_group_id'] . '\')"'), 'input_special_price_gross' => xos_draw_input_field('products_special_price_gross_' . $customers_group['customers_group_id'], $products_prices[$customers_group['customers_group_id']][0]['special'], 'style="background: ' . (in_array($customers_group['customers_group_id'], $error_groups) && !$products_prices[$customers_group['customers_group_id']][0]['special'] > 0 ? '#000000' : '#ffe1e1') . '; color : red;" size ="11" onkeyup="updateNet(\'products_special_price_gross_' . $customers_group['customers_group_id'] . '\', \'products_special_price_' . $customers_group['customers_group_id'] . '\')"'), 'input_special_expires_date' => xos_draw_input_field('special_expires_date_' . $customers_group['customers_group_id'], $special_expires_date['expires_date'], 'id ="special_expires_date_' . $customers_group['customers_group_id'] . '" style="background: #ffffcc;" size ="10"'), 'radio_special_status_1' => xos_draw_radio_field('products_special_status_' . $customers_group['customers_group_id'], '1', $in_special_status), 'radio_special_status_0' => xos_draw_radio_field('products_special_status_' . $customers_group['customers_group_id'], '0', $out_special_status), 'price_breaks' => $price_breaks_array); unset($price_breaks_array); $update_gross_string .= 'updateGross(\'products_price_' . $customers_group['customers_group_id'] . '\', \'products_price_gross_' . $customers_group['customers_group_id'] . '\');' . "\n" . 'updateGross(\'products_special_price_' . 
$customers_group['customers_group_id'] . '\', \'products_special_price_gross_' . $customers_group['customers_group_id'] . '\');'; $update_net_string .= 'updateNet(\'products_price_gross_' . $customers_group['customers_group_id'] . '\', \'products_price_' . $customers_group['customers_group_id'] . '\');' . "\n" . 'updateNet(\'products_special_price_gross_' . $customers_group['customers_group_id'] . '\', \'products_special_price_' . $customers_group['customers_group_id'] . '\');'; if ($customers_group['customers_group_id'] != 0) { $update_checked_string .= 'updateChecked(\'' . $customers_group['customers_group_id'] . '\');'; } $javascript .= "\n" . '$(function() {' . "\n" . ' $( "#special_expires_date_' . $customers_group['customers_group_id'] . '" ).datepicker({' . "\n" . ' changeMonth: true,' . "\n" . ' changeYear: true' . "\n" . ' });' . "\n" . '});' . "\n"; } //////////////////////////////////////// $has_product_attributes = xos_has_product_attributes($_GET['product_ID']); if ($has_product_attributes) { $attributes = xos_db_query("select distinct pa.*, po.products_options_name, pov.products_options_values_name from " . TABLE_PRODUCTS_ATTRIBUTES . " pa, " . TABLE_PRODUCTS_OPTIONS . " po, " . TABLE_PRODUCTS_OPTIONS_VALUES . " pov where pa.products_id ='" . (int) $_GET['product_ID'] . "' and pa.options_id = po.products_options_id and pa.options_values_id = pov.products_options_values_id and po.language_id = pov.language_id and po.language_id = '" . (int) $_SESSION['used_lng_id'] . 
"' order by pa.options_sort_order, po.products_options_id, pa.options_values_sort_order, pov.products_options_values_name"); $current_attributes_values_array = array(); $attributes_values_array = array(); while ($attributes_values = xos_db_fetch_array($attributes)) { if ($attributes_values['options_id'] != $options_id) { $options_id = $attributes_values['options_id']; $options_name = $attributes_values['products_options_name']; } else { $options_name = ''; } $current_attributes_values_array[$attributes_values['products_attributes_id']] = array('value_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']); $attributes_values_array[] = array('option_name' => $options_name, 'value_name' => $attributes_values['products_options_values_name'], 'input_value_price' => xos_draw_input_field('value_price_' . $attributes_values['products_attributes_id'], $attributes_values['options_values_price'], 'style="background: #fffffe;" size ="11" onkeyup="updateGross(\'value_price_' . $attributes_values['products_attributes_id'] . '\', \'value_price_gross_' . $attributes_values['products_attributes_id'] . '\')"'), 'input_value_price_gross' => xos_draw_input_field('value_price_gross_' . $attributes_values['products_attributes_id'], $attributes_values['options_values_price'], 'style="background: #fffffe;" size ="11" onkeyup="updateNet(\'value_price_gross_' . $attributes_values['products_attributes_id'] . '\', \'value_price_' . $attributes_values['products_attributes_id'] . '\')"'), 'input_price_prefix' => xos_draw_input_field('price_prefix_' . $attributes_values['products_attributes_id'], $attributes_values['price_prefix'], 'style="background: #fffffe; text-align:center;" size ="1"')); $update_gross_string .= 'updateGross(\'value_price_' . $attributes_values['products_attributes_id'] . '\', \'value_price_gross_' . $attributes_values['products_attributes_id'] . '\');' . "\n"; $update_net_string .= 'updateNet(\'value_price_gross_' . 
$attributes_values['products_attributes_id'] . '\', \'value_price_' . $attributes_values['products_attributes_id'] . '\');' . "\n";
// filename: categories.php // // Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/includes/modules/new_product.php') == 'overwrite_all')) { $form_action = isset($_GET['pID']) ? 'update_product' : 'insert_product'; $parameters = array('products_name' => '', 'products_p_unit' => '', 'products_info' => '', 'products_description' => '', 'products_url' => '', 'products_id' => '', 'products_quantity' => '', 'products_delivery_time_id' => '', 'products_sort_order' => '', 'products_model' => '', 'products_image' => '', 'products_price' => '', 'products_weight' => '', 'products_date_added' => '', 'products_last_modified' => '', 'products_date_available' => '', 'products_status' => '', 'products_tax_class_id' => '', 'manufacturers_id' => '', 'attributes_quantity' => ''); if (isset($_GET['pID'])) { $product_query = xos_db_query("select products_id, products_quantity, products_delivery_time_id, products_model, products_image, products_price, products_sort_order, products_weight, products_date_added, products_last_modified, date_format(products_date_available, '" . DATE_FORMAT_SHORT . "') as products_date_available, products_status, products_tax_class_id, manufacturers_id, attributes_quantity, attributes_not_updated from " . TABLE_PRODUCTS . " where products_id = '" . (int) $_GET['pID'] . "'"); $product = xos_db_fetch_array($product_query); $pInfo = new objectInfo($product); } else { $pInfo = new objectInfo($parameters); } $products_image = xos_get_product_images($pInfo->products_image, 'all'); $has_product_attributes = xos_has_product_attributes($pInfo->products_id); $manufacturers_array = array(array('id' => '', 'text' => TEXT_NONE)); $manufacturers_query = xos_db_query("select manufacturers_id, manufacturers_name from " . TABLE_MANUFACTURERS_INFO . " where languages_id = '" . (int) $_SESSION['used_lng_id'] . 
"' order by manufacturers_name"); while ($manufacturers = xos_db_fetch_array($manufacturers_query)) { $manufacturers_array[] = array('id' => $manufacturers['manufacturers_id'], 'text' => $manufacturers['manufacturers_name']); } $delivery_times_array = array(array('id' => '', 'text' => TEXT_NONE)); $delivery_times_query = xos_db_query("select delivery_times_id, delivery_times_text from " . TABLE_DELIVERY_TIMES . " where language_id = '" . (int) $_SESSION['used_lng_id'] . "' order by delivery_times_id"); while ($delivery_times = xos_db_fetch_array($delivery_times_query)) { $delivery_times_array[] = array('id' => $delivery_times['delivery_times_id'], 'text' => $delivery_times['delivery_times_text']); } $tax_class_array = array(array('id' => '0', 'text' => TEXT_NONE)); $tax_class_query = xos_db_query("select distinct tc.tax_class_id, tc.tax_class_title from " . TABLE_TAX_CLASS . " tc, " . TABLE_TAX_RATES . " tr where tc.tax_class_id = tr.tax_class_id order by tc.tax_class_title"); while ($tax_class = xos_db_fetch_array($tax_class_query)) { $tax_class_array[] = array('id' => $tax_class['tax_class_id'], 'text' => $tax_class['tax_class_title']); }
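case 'notify_remove':
  // Remove the logged-in customer's notification entry for product `p`.
  if (isset($_SESSION['customer_id']) && isset($_GET['p'])) {
    // $_GET['p'] is request-controlled and used to be concatenated raw into
    // both statements below (SQL injection). It is now cast to int, the same
    // way the products_viewed insert further down already treats it.
    // customers_id gets the same cast as defence in depth.
    $check_query = xos_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . (int) $_GET['p'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'");
    $check = xos_db_fetch_array($check_query);
    if ($check['count'] > 0) {
      xos_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . (int) $_GET['p'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'");
    }
    // Redirect back to the current script, dropping only the `action` parameter.
    xos_redirect(xos_href_link(basename($_SERVER['PHP_SELF']), xos_get_all_get_params(array('action'))));
  } else {
    // Not logged in: remember the current page and send the visitor to the login form.
    $_SESSION['navigation']->set_snapshot();
    xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL'));
  }
  break;
case 'cust_order':
  // NOTE(review): $_GET['pid'] reaches the redirect query string and
  // add_cart()/get_quantity() unvalidated at this point. Confirm that those
  // helpers validate or encode it; otherwise validate it here.
  if (isset($_SESSION['customer_id']) && isset($_GET['pid'])) {
    if (xos_has_product_attributes($_GET['pid'])) {
      // Products with attributes cannot be added blindly; show the product page instead.
      xos_redirect(xos_href_link(FILENAME_PRODUCT_INFO, 'p=' . $_GET['pid']));
    } else {
      $_SESSION['cart']->add_cart($_GET['pid'], $_SESSION['cart']->get_quantity($_GET['pid']) + 1);
    }
  }
  xos_redirect(xos_href_link($goto, xos_get_all_get_params($parameters)));
  break;
}
}
// update stats products_viewed
if (basename($_SERVER['PHP_SELF']) == FILENAME_PRODUCT_INFO) {
  xos_db_query("insert into " . TABLE_PRODUCTS_STATS . " (products_id, language_id, products_viewed) values('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['languages_id'] . "', '1') on duplicate key update products_viewed = products_viewed+1");
}
// include the who's online functions
if (!in_array(basename($_SERVER['PHP_SELF']), array(FILENAME_CSS, FILENAME_JS, FILENAME_TEST))) {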
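/**
 * Merge the session cart with the logged-in customer's stored basket.
 *
 * Steps, in order:
 *  1. write the current session cart into TABLE_CUSTOMERS_BASKET (insert or update),
 *  2. reload the cart from that table,
 *  3. delete the customer's basket rows and re-insert only the entries whose
 *     product is active, sits in an active category, and whose attributes
 *     (and, if stock checking applies, attribute stock) are still valid,
 *  4. reload the cart again, run cleanup() and assign a fresh cart ID.
 *
 * @return false|null false when no customer is logged in, otherwise nothing.
 */
function restore_contents() {
  if (!isset($_SESSION['customer_id'])) {
    return false;
  }

  // insert current cart contents in database
  if (is_array($this->contents)) {
    // foreach replaces the original list()/each() loop: each() was removed in PHP 8.
    foreach (array_keys($this->contents) as $products_id) {
      $qty = $this->contents[$products_id]['qty'];
      $product_query = xos_db_query("select products_id from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and products_id = '" . xos_db_input($products_id) . "'");
      // $qty is not validated in this method, so it goes through xos_db_input()
      // like products_id instead of being concatenated raw into the statement.
      if (!xos_db_num_rows($product_query)) {
        xos_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($products_id) . "', '" . xos_db_input($qty) . "', '" . date('Ymd') . "')");
      } else {
        xos_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . xos_db_input($qty) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "' and products_id = '" . xos_db_input($products_id) . "'");
      }
    }
  }

  // reset per-session cart contents, but not the database contents
  $this->reset(false);

  $products_query = xos_db_query("select products_id, customers_basket_quantity from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' order by customers_basket_id ");
  while ($products = xos_db_fetch_array($products_query)) {
    $this->contents[$products['products_id']] = array('qty' => $products['customers_basket_quantity']);
    // attributes: ids of the form "<prid>-<opt>,<val>_<opt>,<val>..." carry
    // the selected option/value pairs; only numeric pairs are accepted.
    if (strpos($products['products_id'], '-') !== false) {
      list($prid, $attributes_string) = explode('-', $products['products_id']);
      $attributes_values = explode('_', $attributes_string);
      for ($i = 0, $n = sizeof($attributes_values); $i < $n; $i++) {
        list($key, $value) = explode(',', $attributes_values[$i]);
        if (is_numeric($key) && is_numeric($value)) {
          $this->contents[$products['products_id']]['attributes'][$key] = $value;
        }
      }
    }
  }

  // The stored basket is rebuilt from scratch below, so clear it first.
  if (isset($_SESSION['customer_id'])) {
    xos_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
  }

  // update basket and cart based on the current product offering (begin)
  if (is_array($this->contents)) {
    foreach (array_keys($this->contents) as $products_id) {
      $check_basket = false;
      $qty = $this->contents[$products_id]['qty'];

      // The product must be active and linked to an active category or page.
      $product_check_query = xos_db_query("select p.products_id, p.attributes_quantity, p.attributes_combinations from " . TABLE_PRODUCTS . " p left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id = p2c.products_id left join " . TABLE_CATEGORIES_OR_PAGES . " c on p2c.categories_or_pages_id = c.categories_or_pages_id where c.categories_or_pages_status = '1' and p.products_status = '1' and p.products_id = '" . xos_db_input(xos_get_prid($products_id)) . "'");
      if (xos_db_num_rows($product_check_query) > 0) {
        $product_check = xos_db_fetch_array($product_check_query);
        $check_basket = true;

        if (isset($this->contents[$products_id]['attributes'])) {
          // Every stored option/value pair must still exist for the product.
          // A failed pair only clears the flag; the loop keeps running, as before.
          foreach ($this->contents[$products_id]['attributes'] as $option => $value) {
            $attributes_check_query = xos_db_query("select count(*) as total from " . TABLE_PRODUCTS_ATTRIBUTES . " where options_id = '" . (int) $option . "' and options_values_id = '" . (int) $value . "' and products_id = '" . xos_db_input(xos_get_prid($products_id)) . "'");
            $attributes_check = xos_db_fetch_array($attributes_check_query);
            if ($attributes_check['total'] > 0) {
              if (xos_not_null($product_check['attributes_combinations']) && strpos($products_id, '-') !== false) {
                list($prid, $attributes_string) = explode('-', $products_id);
                $combinations = explode('|', $product_check['attributes_combinations']);
                if (!in_array($attributes_string, $combinations)) {
                  // The combination is no longer offered.
                  $check_basket = false;
                } elseif (STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') {
                  // The combination is offered but out of stock, and checkout without stock is disabled.
                  $attributes_quantity = xos_get_attributes_quantity($product_check['attributes_quantity']);
                  if ($attributes_quantity[$attributes_string] < 1) {
                    $check_basket = false;
                  }
                }
              }
            } else {
              $check_basket = false;
            }
          }
        } elseif (xos_has_product_attributes($products_id)) {
          // The product now requires attributes, but the stored entry has none.
          $check_basket = false;
        }
      }

      if ($check_basket == true) {
        xos_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($products_id) . "', '" . xos_db_input($qty) . "', '" . date('Ymd') . "')");
      }
    }
  }

  // reset per-session cart contents, but not the database contents
  $this->reset(false);

  $products_query = xos_db_query("select products_id, customers_basket_quantity from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' order by customers_basket_id ");
  while ($products = xos_db_fetch_array($products_query)) {
    $this->contents[$products['products_id']] = array('qty' => $products['customers_basket_quantity']);
    // attributes
    if (strpos($products['products_id'], '-') !== false) {
      list($prid, $attributes_string) = explode('-', $products['products_id']);
      $attributes_values = explode('_', $attributes_string);
      for ($i = 0, $n = sizeof($attributes_values); $i < $n; $i++) {
        list($key1, $value1) = explode(',', $attributes_values[$i]);
        if (is_numeric($key1) && is_numeric($value1)) {
          $this->contents[$products['products_id']]['attributes'][$key1] = $value1;
        }
      }
    }
  }
  // update basket and cart based on the current product offering (end)

  $this->cleanup();

  // assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
  $this->cartID = $this->generate_cart_id();
}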